Phishing Attacks 101: What's lurking in your email?

Oct 6, 2021

More organizations than ever before are implementing remote and hybrid work models. Though this presents a great deal of opportunity for employees and employers alike, it has also made organizations far more vulnerable to cybersecurity threats.

This is especially true in the case of phishing attacks. These days, hackers are creating increasingly targeted and sophisticated cyberattack schemes to get a hold of organizations' most confidential and sensitive data, like patient and payroll records, bank information, and even supply chain data streams.

In fact, according to a recent survey of over 4,100 employees and information security professionals across an array of sectors, including financial services and healthcare, cited in WatchGuard’s most recent phishing solution brief, nearly 83% of their organizations were victims of phishing attack attempts in the last year alone, a significant increase from previous years.

The consequences of successful phishing attacks can be costly, and at times, catastrophic. According to global data, 18% of these organizations experienced financial loss or money wire fraud, costing an average of over $17k a minute, globally. However, costs aren’t always measured in just dollars and cents. Consequences reverberated across organizations in other ways as well:

  • 60% experienced loss of data
  • 52% experienced account and credential compromise
  • 47% experienced ransomware infections
  • 29% experienced other malware infections

So, what does that mean for small and mid-sized businesses? For one, cybersecurity precautions against phishing must remain top of mind, especially if your organization is powered by a remote or hybrid workforce. Knowing the basics, like how phishing attacks work and how to prevent data breaches due to phishing schemes, can go a long way toward keeping your organization’s data secure.

So, what is a phishing attack anyway?

Most commonly, a phishing attack occurs through email. Cybercriminals will create fabricated scenarios, pretending to be someone they are not, in an attempt to obtain sensitive or valuable data. Usually, these messages are designed to trick targets by evoking fear, curiosity, or urgency so that they open a malicious attachment, click a malicious link, or even fill in data entry fields.

Sometimes, hackers will even include information obtained on public sites, like social media networks, about the target audience. This makes messages seem more authentic, and more likely to result in successful phishing attacks.

Examples of phishing attacks can vary greatly. There’s not always someone presenting a pyramid scheme, requesting that you urgently wire money. Hackers often use recognizable brands to make their emails look legitimate. For example, you might receive an email that looks like a request to join a digital platform from another employee, a link to a new employee perk, a password update prompt, an email from a public entity like law enforcement, an overdue invoice reminder, or other automated notices.

How can you avoid a security breach due to a phishing attack?

To be most effective, IT departments and managed service providers will employ a multi-pronged approach to defending against phishing attacks. Beyond traditional firewalls and password hygiene, at the company level, IT teams might consider the following:

  • Put scanning, monitoring, and blocking tools in place to detect and block malicious DNS requests, as well as block malicious files from making it through the network.
  • Implement endpoint security that destroys malware.
  • Utilize multi-factor authentication to make security breaches due to compromised credentials tougher to carry out.
  • Deploy phishing “tests” to determine whether or not efforts to educate employers around cybersecurity risks and best practices are effective.

However, defense against phishing attacks requires vigilance from everyone in an organization. Here are a few tips on how every employee can also help to prevent data breaches through phishing:

  • Starting with the basics, be extremely cautious about clicking links in emails. Even if you know the sender (or it appears that you do), you should hover over a link to preview the URL. However, sometimes, even this can be fabricated to look legitimate, so when in doubt, go to the site through your browser instead.
  • When entering sites, especially where you need to input information, look for the secured “padlock” icon in the URL search field.
  • If your device’s operating system, security software, browsers, or other company platforms are pushing notifications for updates, don’t ignore them. Often companies are constantly attempting to keep up with cyberattacks by patching “holes” in security, so failing to run updates can put your accounts and device at greater risk, making you the weak link for hackers looking to access sensitive information.
  • Be very wary of browser pop-ups. If your browser doesn’t already have one, ask your employer’s IT team or managed service provider if they recommend any particular ad blocker.
  • Rotate passwords often and opt to use multi-factor authentication whenever it is available. Sometimes accounts are compromised without your knowledge, so keeping passwords updated can thwart cybercriminals who were holding onto your credentials.
Pro tip: Download our Email Security Tipsheet to help employees stay up-to-date on email security best practices.

Milner can help keep your organization’s data secure.

Especially for small and mid-sized businesses, guarding against today’s sophisticated cyber attacks can be a tremendous undertaking. Milner offers IT security solutions to clients in a wide array of geographic regions and sectors, including antivirus and malware protection, installation patches and updates, remote monitoring and remediation, live help desk support 24/7/365, managed detection and response, IT security audits, end user security training, and proactive threat management.

You can never be too sure that your organization’s critical information is safe and secure. Contact our managed IT and cybersecurity experts today.
